Imagine you’re running your own graphic design studio. It is a small setup, with just two more people working under you, but it is enough to manage the design requirements of 10-15 clients. You are on the verge of securing your first big account after months of hard work. However, just before you have to send in the final design pitch to finalise the contract, your system begins lagging. It slows down whenever you start designing or open a file, making it almost impossible for you to work. The situation at office is even worse; one system freezes whenever the heavy design application is opened, while the other completely crashes. You miss out on the new account, and too many missed deadlines cause your existing clients to move away. Years of hard work and toil go down the drain – all because your systems failed to function as expected, when you needed it the most.

Frightening, isn’t it — especially in this era of technology when our dependence on digital devices has never been greater? What’s even more frightening is the fact that this hypothetical scenario is not hypothetical at all. With the emerging threat of cryptojacking, situations like this could very well become the common narrative quite soon.

Cybercriminals have been deploying highly-sophisticated cyber-attacks to compromise vulnerable systems and unethically hijack their processing power to secretly mine cryptocurrencies. This process, called cryptojacking, is a low investment and high-returns game. DIY cryptojacking kits are currently available on the Dark Web for as low as $30, and compromised systems – unlike systems infected by ransomware – start generating revenues from the very moment they get infected. Moreover, since such attacks don’t pose an apparent threat to data, most users don’t even report cryptojacking attacks. This makes it very difficult to detect and track the attacks back to the hacker(s).

As a result, cryptojacking is on the rise across the world, fast displacing ransomware as the number one threat to individuals and businesses. Quick Heal Security Labs detected more than 3 million cryptojacking hits between January and May 2018.

# Understanding cryptojacking: How it works, and how to identify if your system has been infected

Cryptojacking can affect your system in two main ways. Attackers could target you with an elaborate phishing manoeuvre to get you to download an infected file or open an infected link that installs a cryptomining code onto your system. This method, however, is mostly used as a failsafe. Majority of all cryptojacking operations are estimated to be conducted via the online medium; attackers infect online ads and websites with JavaScript-based cryptomining codes, which auto-execute whenever you access a compromised website or ad.

This brings us to identifying if your system has been cryptojacked. Being the silent threat that it is, cryptojacking is usually not easy to detect. There are, however, some telling symptoms that can help you identify if you’ve been hit by a cryptojacking attack.

The most prominent marker is the system performance. Since a cryptojacked system’s processing power is redirected towards cryptocurrency mining operations, your system may become inexplicably slow and might freeze whenever you open a heavy application. There is also a possibility that the infected system may crash due to CPU overutilization. Overheating is another common symptom of cryptojacking, especially in mobile devices, while infected laptops and desktops often tend to have their exhaust fans operating at maximum speeds.

# How to secure your system against cryptojacking attacks?

Since most cryptojacking attacks are conducted through infected websites and online ads, it is usually a good idea to install ad-blocking software on your web browser. Ad-blockers prevent online ads from opening on your system and minimise the cryptojacking risk that you expose yourself to. What definitely works in the defence against cryptojacking is a robust security profile. State-of-the-art security solutions equipped with advanced features like malware protection and email security can help you protect your devices from such attacks. In addition, you should be careful about where and with whom you share your personal information – such as the name, email address, telephone number etc. – online. Avoid clicking on suspicious websites or links, and don’t download anything that doesn’t come from a trusted source.

The global security landscape is transforming rapidly. Newer threats are emerging every day, while older threats are evolving at an unprecedented pace. This dynamically-changing security environment makes it necessary for you to know the kind of threats you’re up against. Cryptojacking can significantly curtail your ability to function in this digital-first day and age. But knowledge, especially in the security domain, is power. Knowing what to do and what not to do can help you adequately defend yourself against this silent but highly-effective security threat.

(By Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Ltd)